JS escaping in appConfig

Created on 9 May 2023, about 1 year ago

Problem/Motivation

Strings are injected to appConfig without being escaped, it is ok for EN strings, but for other languages it could lead to breaking the whole dashboard.

For example, Your feed could be translated to Votre fil d'actualité in FR, which breaks the dashboard JS (due to the single quote not being escaped).

Steps to reproduce

Setup 2 or more languages
Using /admin/config/regional/translate search for Your feed and translate it to Votre fil d'actualité
Open HP in FR and see empty Dashboard
Check console & see `Uncaught SyntaxError: Unexpected identifier 'actualité'`

Proposed resolution

Use twig escape filter for strings used in JS. Attached patch does that.

Remaining tasks

N/A

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🐛 Bug report

Status

RTBC

Version

3.0

Component

Code

Created by

🇫🇷France nguerrier

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @nguerrier
Status changed to RTBC about 1 year ago4:32pm 9 May 2023
Comment about 1 year ago →
🇫🇷France andypost
looks like all frontend translation strings need to be filtered before js can consume it

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024